Skip to content

Commit 281e8c9

Browse files
crazy-maxcrazy-max
committed
client: test cdi entitlement
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
1 parent f901bcc commit 281e8c9

File tree

1 file changed

+100
-0
lines changed

1 file changed

+100
-0
lines changed

client/client_test.go

Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -278,6 +278,8 @@ func testIntegration(t *testing.T, funcs ...func(t *testing.T, sb integration.Sa
278278

279279
integration.Run(t, integration.TestFuncs(
280280
testCDI,
281+
testCDINotAllowed,
282+
testCDIEntitlement,
281283
testCDIFirst,
282284
testCDIWildcard,
283285
testCDIClass,
@@ -11111,6 +11113,104 @@ annotations:
1111111113
require.Contains(t, strings.TrimSpace(string(dt2)), `BAR=injected`)
1111211114
}
1111311115

11116+
func testCDINotAllowed(t *testing.T, sb integration.Sandbox) {
11117+
if sb.Rootless() {
11118+
t.SkipNow()
11119+
}
11120+
11121+
integration.SkipOnPlatform(t, "windows")
11122+
workers.CheckFeatureCompat(t, sb, workers.FeatureCDI)
11123+
c, err := New(sb.Context(), sb.Address())
11124+
require.NoError(t, err)
11125+
defer c.Close()
11126+
11127+
require.NoError(t, os.WriteFile(filepath.Join(sb.CDISpecDir(), "vendor1-device.yaml"), []byte(`
11128+
cdiVersion: "0.6.0"
11129+
kind: "vendor1.com/device"
11130+
devices:
11131+
- name: foo
11132+
containerEdits:
11133+
env:
11134+
- FOO=injected
11135+
`), 0600))
11136+
11137+
busybox := llb.Image("busybox:latest")
11138+
st := llb.Scratch()
11139+
11140+
run := func(cmd string, ro ...llb.RunOption) {
11141+
st = busybox.Run(append(ro, llb.Shlex(cmd), llb.Dir("/wd"))...).AddMount("/wd", st)
11142+
}
11143+
11144+
run(`sh -c 'env|sort | tee foo.env'`, llb.AddCDIDevice(llb.CDIDeviceName("vendor1.com/device=foo")))
11145+
11146+
def, err := st.Marshal(sb.Context())
11147+
require.NoError(t, err)
11148+
11149+
destDir := t.TempDir()
11150+
11151+
_, err = c.Solve(sb.Context(), def, SolveOpt{
11152+
Exports: []ExportEntry{
11153+
{
11154+
Type: ExporterLocal,
11155+
OutputDir: destDir,
11156+
},
11157+
},
11158+
}, nil)
11159+
require.Error(t, err)
11160+
require.ErrorContains(t, err, "requested by the build but not allowed")
11161+
}
11162+
11163+
func testCDIEntitlement(t *testing.T, sb integration.Sandbox) {
11164+
if sb.Rootless() {
11165+
t.SkipNow()
11166+
}
11167+
11168+
integration.SkipOnPlatform(t, "windows")
11169+
workers.CheckFeatureCompat(t, sb, workers.FeatureCDI)
11170+
c, err := New(sb.Context(), sb.Address())
11171+
require.NoError(t, err)
11172+
defer c.Close()
11173+
11174+
require.NoError(t, os.WriteFile(filepath.Join(sb.CDISpecDir(), "vendor1-device.yaml"), []byte(`
11175+
cdiVersion: "0.6.0"
11176+
kind: "vendor1.com/device"
11177+
devices:
11178+
- name: foo
11179+
containerEdits:
11180+
env:
11181+
- FOO=injected
11182+
`), 0600))
11183+
11184+
busybox := llb.Image("busybox:latest")
11185+
st := llb.Scratch()
11186+
11187+
run := func(cmd string, ro ...llb.RunOption) {
11188+
st = busybox.Run(append(ro, llb.Shlex(cmd), llb.Dir("/wd"))...).AddMount("/wd", st)
11189+
}
11190+
11191+
run(`sh -c 'env|sort | tee foo.env'`, llb.AddCDIDevice(llb.CDIDeviceName("vendor1.com/device=foo")))
11192+
11193+
def, err := st.Marshal(sb.Context())
11194+
require.NoError(t, err)
11195+
11196+
destDir := t.TempDir()
11197+
11198+
_, err = c.Solve(sb.Context(), def, SolveOpt{
11199+
AllowedEntitlements: []string{"device=vendor1.com/device"},
11200+
Exports: []ExportEntry{
11201+
{
11202+
Type: ExporterLocal,
11203+
OutputDir: destDir,
11204+
},
11205+
},
11206+
}, nil)
11207+
require.NoError(t, err)
11208+
11209+
dt, err := os.ReadFile(filepath.Join(destDir, "foo.env"))
11210+
require.NoError(t, err)
11211+
require.Contains(t, strings.TrimSpace(string(dt)), `FOO=injected`)
11212+
}
11213+
1111411214
func testCDIFirst(t *testing.T, sb integration.Sandbox) {
1111511215
if sb.Rootless() {
1111611216
t.SkipNow()

0 commit comments

Comments
 (0)